{ config, pkgs, pkgs-unstable, ... }:

{
  # ops-jrz1 production VPS configuration
  # Imports extracted Matrix modules from ops-base

  imports = [
    # Hardware configuration
    ../hardware-configuration.nix

    # Matrix platform modules
    ../modules/matrix-continuwuity.nix
    ../modules/mautrix-slack.nix
    ../modules/mautrix-whatsapp.nix
    ../modules/mautrix-gmessages.nix
    ../modules/dev-services.nix
    ../modules/security/fail2ban.nix
    ../modules/security/ssh-hardening.nix
    ../modules/matrix-secrets
  ];

  # System configuration
  networking.hostName = "jrz1";

  # sops-nix secrets management
  sops.defaultSopsFile = ../secrets/secrets.yaml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  sops.secrets.matrix-registration-token = {
    owner = "continuwuity";
    group = "continuwuity";
    mode = "0440";
  };

  sops.secrets.acme-email = {
    owner = "root";
    mode = "0444";
  };

  # Matrix homeserver configuration
  services.matrix-homeserver = {
    enable = true;
    domain = "clarun.xyz";
    port = 8008;
    enableRegistration = true;
    enableFederation = false;
  };

  # Development platform services (Matrix, Forgejo, bridges)
  services.dev-platform = {
    enable = true;
    domain = "clarun.xyz";

    matrix = {
      enable = true;
      serverName = "clarun.xyz";
      port = 8008;
    };

    forgejo = {
      enable = true;
      subdomain = "git";
      port = 3000;
    };

    slackBridge = {
      enable = true;
      workspace = "delpadtech";
      port = 29319;
    };
  };

  system.stateVersion = "24.05";
}